Gatekeeper Frequently Asked Questions (FAQ) List

12-Nov-93

Chris Johnson




Q: I'm upgrading to a new version of Gatekeeper, and I've tried to throw 
   away my old Gatekeeper Prefs file so that Gatekeeper will create a new 
   one with all the latest privileges in it. Unfortunately, it's not working;
   the Finder says it can't empty the Trash because the Prefs file is in
   use. What's going wrong?
   
A: Nothing, really. The Gatekeeper Prefs file is still being used by the 
   old version of Gatekeeper currently operating inside your Mac. This 
   needn't be a problem, however. 
   
   If you're using System 7 (or better), just put that old prefs file 
   in the Trash and leave it there. Don't bother trying to empty the Trash. 
   Now proceed with the installation of the new Gatekeeper and restart the
   Mac when you're finished. Once the Mac has been restarted you'll have
   no trouble emptying the Trash.
   
   If you're using System 6 (or earlier), just drag the old prefs file out
   of the System Folder. It doesn't matter where you put it, so long as 
   you can find it again later. Now proceed with the installation of the 
   new Gatekeeper and restart the Mac when you're finished. Once the Mac 
   has been restarted, place the old Prefs file in the Trash; you'll have 
   no trouble emptying it now.



Q: Does friendly email qualify as sending a postcard? I'm too cheap for
   the stamp.

A: No. It's really not the same.... I want those postcards; it's a small 
   thing to ask, and it does leave me *something* to show for all the
   work.



Q: Is there a Gatekeeper mailing list?

A: There wasn't until the release of Gatekeeper 1.2.9, but now there is 
   one. For more information, see the document "Gatekeeper Mailing List.txt" 
   which was included in the complete Gatekeeper distribution.



Q: Why does Gatekeeper have an expiration date?

A: The expiration date and associated obsolescence warning exist to 
   make sure that people don't depend on out-of-date anti-virus 
   software for any significant length of time.
   
   The presence of out-of-date anti-virus software in the world only 
   helps viruses and their authors; it hurts people who believe they're 
   protected when they aren't, prevents them from benefitting from bug 
   fixes or other improvements that've been incorporated in later 
   versions, and hurts the reputation of the product when people discover 
   that their old version isn't protecting them from some virus, or is 
   malfunctioning in some way that has since been dealt with.

   Since Gatekeeper and other suspicious activity monitor products
   (like SAM and Virex in some modes) work as a kind of early warning 
   system for the entire Macintosh community, it's a bad thing if 
   there's a lot of old, less robust versions still in use since they 
   potentially form holes in that system.



Q: How can I find out what Gatekeeper's expiration date is?

A: There's no facility for doing so. You could set your Mac's clock 
   ahead by a year or two, reboot your machine and see what Gatekeeper
   says, but that's about it.

   FYI, the shortest expiration time on a Gatekeeper release has been 
   6 months. For Gatekeeper 1.2.7, which has already expired, it was 7. 
   For 1.2.8 and 1.2.9 it's 12 months from the date of their respective
   releases.



Q: Does Gatekeeper stop working when it expires?

A: No. Even after its expiration date, Gatekeeper continues to be fully
   functional. The expiration message is only for your information.



Q: Is Gatekeeper incompatible with MacTCP? I just installed a fresh 
   copy of MacTCP and Gatekeeper vetoed an operation on the MacTCP Prep
   file when I restarted the machine.
   
A: No, Gatekeeper has no conflict with MacTCP. The only way this problem
   can occur is if you're using a modern version of Gatekeeper in 
   conjunction with a very old Gatekeeper Prefs file. To solve the 
   problem, get rid of the old Gatekeeper Prefs file (see the question
   on trashing the Prefs file elsewhere in this FAQ). Also get rid of 
   the MacTCP Prep file which was the victim of this conflict (don't
   worry; MacTCP will create a new MacTCP Prep file the next time you
   restart your Mac). Once you've eliminated both files, restart your
   Mac and everything should work perfectly.



Q: Some program whose name begins with a period (.) is performing 
   operations which Gatekeeper keeps vetoing. I searched my hard disk for 
   a file with that name, but couldn't find one. What gives?
   
A: Names beginning with a period, like ".ipp", are names of *drivers*, 
   rather than files. Since drivers typically live *inside* files (like 
   the System file), you won't find a file on your disk with its name. 
   Nonetheless, drivers can be granted privileges, so the problem of those
   vetoes can be solved. It'll be easiest to grant those privileges from 
   the Log File display in the Gatekeeper Controls control panel. See the
   "Gatekeeper Introduction" document for details on how to grant 
   privileges from the Log File display.



Q: Can Gatekeeper and Disinfectant be used together? If so, does that
   include the Disinfectant INIT, too?

A: Yes and yes. Sure, using both Gatekeeper *and* Disinfectant INIT
   is redundant in a number of respects, but if the products get along 
   together (and they do) what's wrong with redundant protection?
   Personally, I recommend it.



Q: Will Gatekeeper work on the much anticipated Power PC machines?

A: It should. Gatekeeper 1.3 has been tested on a Power PC machine 
   without incident. Unless Gatekeeper or the Power PC machines have 
   changed adversely since that test was performed, there's every 
   reason to believe they'll work together just fine.



Q: When a privilege violation occurs, I'd really like Gatekeeper to
   bring up an alert asking me whether or not the offending operation 
   should be vetoed. Sort of a "Notify & Ask" mode, if you see what I 
   mean. I can't be the only person to have suggested this; how come
   there's no such feature?
   
A: There's two reasons. The first is that I think such a mode is only
   useful and safe for the most sophisticated of users. In such a mode,
   the anti-virus protection you receive is only as good as the answers
   you provide to the anti-virus system's questions. If you happen to 
   give bad answers, bad things happen. Gatekeeper was designed around
   the idea that people shouldn't have to know anything about viruses
   in order to be protected from them; the anti-virus system should 
   have a built-in database that already knows the answers. That's what
   Gatekeeper's privilege list is all about. Sure, it's not perfect,
   but it works really well even so.
   
   Nonetheless, I readily concede that a Notify & Ask mode would have
   its uses, and I'd have implemented it (and more) by now if it weren't 
   for two things: (a) Gatekeeper often operates at times when software 
   is not allowed to do *anything* that might cause memory to be moved 
   or purged, and (b) even the simplest of QuickDraw calls (like LineTo) 
   reserves the right to move or purge memory. So if Gatekeeper were 
   to attempt to draw even the most rudimentary of alerts at the wrong
   time a very ugly crash would occur.
   
   Obviously, SAM knows how to bring up alerts safely at apparently
   arbitrary times. Less obviously, the Mac OS does, too. Unfortunately,
   I don't think the nice folks at Symantec are gonna tell me 
   how they did it, :-) and the folks at Apple just don't seem to know 
   how the Mac OS pulls it off anymore. (OK, *someone* at Apple *must* 
   know....)
   
   Anyway, I have my own ideas about safe ways to bring up alerts, etc.
   at arbitrary times, but there's still a lot of code to be written, 
   so everyone will have to continue to be patient (unless someone out 
   there knows the real trick to this).



Q: I still want that Notify & Ask mode. Couldn't you use the Notification
   Manager to implement this?
   
A: Unfortunately, no. The Notification Manager provides a marvelously 
   simple, safe and compatible way to present asynchronous notifications
   to users (which is why Gatekeeper already uses it to display all of its
   existing alerts), but it doesn't do synchronous notifications, and its
   alerts can't be customized, i.e. there's no way to add an extra button
   or two. So, the Notification Manager is really handy, but it just 
   wasn't designed for this kind of work.

   
   
Q: I keep seeing messages from Gatekeeper saying that "System" is
   violating the Res(Other) privilege while making a "RsrcMapEntry"
   call. What gives?
   
A: You're probably using either AutoDoubler, or some product which uses 
   its internal compressor. See the question regarding Nisus elsewhere 
   in this FAQ for details. If you're *sure* AutoDoubler isn't involved 
   in any way, send me a problem report.



Q: Whenever I run Nisus I see messages from Gatekeeper saying that the
   program "System" is violating the Res(Other) privilege while making a
   call apparently called "RsrcMapEntry". What's going on here?
   
A: Recent versions of Nisus appear to use the AutoDoubler Internal 
   Compressor (AIC). As such, there's not much I can do to offer a good 
   solution to the problem. One less-than-wonderful solution is to grant
   the Res(Other) privilege to the System. While this will eliminate the 
   annoying alerts from Gatekeeper, it will also open-up a security hole 
   which just might be a problem someday.
   
   Of course, I could discontinue protection of the RsrcMapEntry call
   altogether (it's already been watered-down over time for reasons like 
   this), but that would open-up an even bigger security hole.
   
   The Macintosh developer community needs to come to grips with the 
   fact that an anything-goes, I-should-be-able-to-do-whatever-I-want 
   approach to software design precludes useful attempts to provide
   security to the platform. And without some form of security, the
   viruses run amok, and we all lose out.



Q: Does Gatekeeper work with AutoDoubler?

A: This question is backwards, for two reasons. (1) Gatekeeper predates 
   AutoDoubler (a minor point, but worth remembering), and (2) Gatekeeper 
   provides a truly *fundamental* service to the Macintosh community as a 
   *whole*; AutoDoubler, which provides neither a fundamental service, nor 
   a service which benefits the whole Macintosh community, isn't even in 
   the same league as Gatekeeper. The question should really be: "Does 
   AutoDoubler work with Gatekeeper?"



Q: Does AutoDoubler work with Gatekeeper?

A: No. Not consistently. This goes for software which relies on the 
   AutoDoubler Internal Compressor (AIC) as well. If you choose to use
   Gatekeeper and any 'Doubler product together - and some people do so
   with surprising success - I don't want to hear about any problems.



Q: Does AutoDoubler work with other anti-virus products of the suspicious-
   activity-monitor variety?
   
A: Yes. Originally, AutoDoubler conflicted with some (possibly all) of 
   them, but the anti-virus products were modified to work around 
   AutoDoubler. Unfortunately, all those anti-virus products are commercial, 
   so if you're considering buying AutoDoubler, be sure to factor in the 
   cost of buying a new anti-virus system to go along with it.



Q: Do any of the on-the-fly disk/file compression utilities work with 
   Gatekeeper?

A: Some appear to, including the StuffIt SpaceSaver product. Personally,
   though, I don't recommend using *any* on-the-fly compression product,
   no matter how competent and conscientious its developer may be. The 
   best solution for a small hard disk is a big one, not a complex piece 
   of software standing between you and your data, consuming CPU cycles,
   and adding even more failure modes to machines far too prone to 
   failure in the first place.



Q: I called the AutoDoubler folks to ask about the conflict with 
   Gatekeeper. They said they're in touch with the publishers of Gatekeeper,
   that it's Gatekeeper's fault, and that the Gatekeeper developers are 
   working to fix the problem. Is this true?

A: No, not a word of it. I'm the "publisher". I'm the developer. I'm the 
   whole show. If I'd heard from the AutoDoubler folks in the last year
   (or two) I'm sure I'd know about it. If I'd come to the conclusion 
   that it was all my fault, I expect I'd be aware of that, too. If I 
   was working to fix the problem, I'm sure I'd have noticed that....



Q: Why does half this FAQ seem to be concerned with AutoDoubler?

A: Because it seems like half the Gatekeeper email I get is concerned 
   with AutoDoubler, and I don't ever want to see a message mentioning 
   it again. I know, I know... fat chance of that happening, but I can 
   hope....  :-)